Dn42: Decentralised Network 42

dn42 is a big dynamic VPN, which employs Internet technologies (BGP, whois database, DNS, etc). Participants connect to each other using network tunnels (GRE, OpenVPN, Tinc, IPsec) and exchange routes thanks to the Border Gateway Protocol. dn42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. But above all, experimenting with routing in dn42 is fun! This session will start with an introduction to dn42, followed by some short presentations from participants about their projects with dn42 and will finish with free-form discussion about where to take the network in the future.

Contents

Why dn42?

dn42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. But above all, experimenting with routing in dn42 is fun!

Experiment with routing technology

Participating in dn42 is primarily useful for learning routing technologies such as BGP, using a reasonably large network (~200 AS, ~400 prefixes).

Since dn42 is very similar to the Internet, it can be used as a hands-on testing ground for new ideas, or simply to learn real networking stuff that you probably can't do on the Internet (BGP multihoming, transit). The biggest advantage when compared to the Internet: if you break something in the network, you won't have any big network operator yelling angrily at you.

Connect hackerspaces

dn42 is also a great way to connect hacker spaces in a secure way, so that they can provide services to each other.

Have you ever wanted to SSH on your Raspberry Pi hosted at your local hacker space and had trouble doing so because of NAT? If your hacker space was using dn42, it could have been much easier.

Nowadays, most end-user networks use NAT to squeeze all those nifty computing devices behind a single public IPv4 address. This makes it difficult to provide services directly from a machine behind the NAT. Besides, you might want to provide some services to other hackerspaces, but not to anybody on the Internet.

dn42 solves this problem. By addressing your network in dn42, your devices can communicate with all other participants in a transparent way, without resorting to this ugly thing called NAT. Of course, this doesn't mean that you have to fully open your network to dn42: similarly to IPv6, you can still use a firewall (but you could, for instance, allow incoming TCP 22 and TCP 80 from dn42 by default).

Presentations and Discussion Session

Introduction to dn42 (irl will do it if no one else volunteers) - 10 mins